ISO/IEC 42001 AI Management System — Risk Assessment

Yes. ISO/IEC 42001 AI Management System addresses Risk Assessment through 1 provision.

Does ISO/IEC 42001 AI Management System require Risk Assessment?

OECD • voluntary

Yes — 1 provision

This regulation imposes 4 specific requirements for Risk Assessment across 1 provision:

Risk assessment — Establish processes to identify and assess AI-related risks
Risk treatment — Implement controls to treat identified risks
Objectives — Set measurable AI management objectives
Leadership commitment — Top management must demonstrate commitment to the AI management system

Obligation:

voluntary

Effective:

Dec 18, 2023

Risk tier:

all

Scope:

providers, deployers

Requirement	Details
Risk assessment	Establish processes to identify and assess AI-related risks
Risk treatment	Implement controls to treat identified risks
Objectives	Set measurable AI management objectives
Leadership commitment	Top management must demonstrate commitment to the AI management system

Violation	Fine
Non-compliance	Voluntary — certification-based, no direct penalties